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ABSTRACT 



Methods and systems for preparing mailpieces involve the 
creation of mailing Ksts which Includes correct and incorrect 
recipient address information. The list is transmitted to a 
data center. Received from the data center is a mailing list 
including addressed hygiened recipient address information 
and a digital token for each znailpiece with encrypted data. 
The encrypted data is based on the corrected address inf or- 
mation for mailpieces with correct address information on 
the transmitted mailing list and on hygiened recipient 
address information the mailpieces with incorrect recipient 
address information on the transmitted mailing list. The 
digital tokens for each mailpiece may also be based on the 
rating parameter information. 

Selection is provided for utilizing a given one of the incor- 
rect recipient address information and the correct recipient 
address information is applied to an encrypter gena-atingthe 
digital tokens. The encrypting means for generating d^ital 
tokens may be located remote &om the mailer facility or on 
a mailer facility or oth^ local area network. Various 
arrangements are enqiloyed in genexating and printing digi- 
tal t<' - - - - - - ... 

ent address information. 
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ELECTRONIC DATA INTERCHANGE 
POSTAGE EVIDENCBSrG SYSTEM 

RELATED APPUCAnONS 
This is a divisional application of Sear. No. 08/161,560 
ffled Dec. 6, 1993, now U.S. Pat No. 5,454,038. 

FIELD OF THE INVENTION 

The present invention relates to value metering systems 
employing electronic data interchange and, more particu- 
larly to a postage evidencing system en^loylng electronic 
data interchange. 

BACKGROUND OF THE INVENTION 

Postage metering systems have been developed which 
employ encrypted information printed on a mailpiece. The 
postage value for a mailpiece may be encrypted together 
with other data to generate a digital token. A digital token is 
encrypted information that authenticates the information 
imprinted on a mailpiece including postal value. Examples 
of systems for generating and using digital tokens are 
described in U.S. Pat. No. 4,757,537 for SYSTEM FOR 
DETECTING UNACCOUNTED FOR PRINTING IN A 
VALUE PRINTING SYSTEM; U.S. Pat No. 4,831.555 for 
UNSECURED POSTAGE APPLYING SYSTEM; U.S. Pat 
No. 4,775,246 for SYSTEM FOR DEIECTING UNAC- 
COUNTED FOR PRINTING EST A VALUE PRINTING 
SYSTEM; U.S. Pat. No. 4,873.645 for SECURE POSTAGE 
DISPENSING SYSTEM; and, U.S. Pat No. 4,725,718 for 
POSTAGE AND MAILING INFORMAHON APPLYING 
SYSTEM. The entire disclosure of these five patents is 
hereby inccxporated by reference. 

As a result of the digital token incorporating encrypted 
value, such as postage value, altering the printed information 
in a Postal Revenue Block is detectable by standard verifi- 
cation procedures. 

It has been recognized that to underpay postage, an 
attempt may be made to interfere with the rating process (as 
opposed to the resulting printed postage value). Systenojs 
have been developed to protect against such attempts by the 
use of hash values and encrypted hash values of various 
rating parameters and rate tables such as is disclosed in U.S. 
patent application Ser. No. 133,398 filed Oct 8, 1993, for 
POSTAL RATING SYSTEM WITH VERIFIABLE 
INTEGRITY by Leon A. Pintsov, Richard A. ConneU, 
Ronald P. Sansone, and Alfred C. Schmidt, and assigned to 
Pitney Bowes Inc. 

In U.S. Pat No. 4,873,645 for SECURE POSTAGE 
DISPENSING SYSTEM and U.S. Pat No. 4,725,718 for 
POSTAGE AND MAILING INFORMAHON APPLYING 
SYSTEM, as well as published French Patent Application 
90 01284 (PubUcation No. 2 657 985 for PROCESS AND 
INSTALLATION FOR CONTROLLING THE COMPUT- 
ERIZED POSTAL METERING OF LETTERS; it has been 
disclosed that addressee information can be benefidaUy 
utilized as part of the encryption process to provide 
enhanced security against counterfeiting of the printed d^- 
tal token since the encrypted information is unique to each 
address. 

SUMMARY OF THE INVENTION 
It has been discovered that a value metering system can be 
provided which employs encryption but has a greater secu- 
rity than heretofore ol^ainable by prior systems. 

It has been further discovered that it is possible to provide 
a digital token for use in imprinting on a mailpiece or ottier 
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item where neither the secret key nor a secret algorithm is 
available at the mailer printing device or at the mailers site. 

It has been further discovered that a large number of 
mailers can be supported in an encryption system with 
5 enhanced key management in a simple and effective manner. 

The present invention further facilitates the utilization of 
address information which may or may not be subject to 
address hygiene at either the mailer's location or a remote 
location or on a netwcrk. 

In accordance with the present invention, methods and 
systems for preparing mailpieces are employed. A maU list 
is created including mailpiece recipient address information 
for each mailpiece. The mailing lists includes correct recipi- 
ent address infonoation and incoirect recipient address 
^ information. The mailing list is transmitted to a data center. 
Received firom the data center is a maiUng list including 
hygiened recipient address information for mailpieces in the 
transmitted mailing list with incorrect recipient address 
information. Additionally received are digital tokens for 
^'^ each mailpiece. Each of the digital tokens includes 
encrypted information for each mailpiece based on the 
correct address information for mailpieces with correct 
address information .on the transn^itted mailing list and on 
hygiened recipient address information for mailpieces with 
incorrect recipient address information on the transmitted 
mailing list. 

In accordance with a feature of the present invention, 
rating parameter information is determined for each mail- 
piece. The rating parameter information constitutes the basis 
upon which the charges for mailpiece delivery is calculated. 
The rating parameter infomiation is Ixansmitted to the data 
center and the received d^tal token for each mailpiece are 
based, in addition to the recipient address information on the 
rating parameter information. 

In accordance with another feature of the present 
invention, recipient address information is generated for 
mailpieces. The recipient address information includes cor- 
rect and Incorrect recipient information. Correct recipient 
4Q information is generated for incorrect recipient information 
and a selected one of the incorrect recipient address infor- 
mation and the corrected recipient address information is 
applied to an encrypter. The encrypter generates encrypted 
data based on the selected one of the incorrect recipient 
45 address information and the correct recipient address infor- 
mation. The encrypted data then may be placed on the 

In accordance with another feature of the present 
invention, recipient address information is communicated 

50 from the noailers facility to a means for encrypting. The 
means for encrypting is located remote from the mailer 
facility and contains encryption algorithm information. 
Encrypted data is generated by the remote encryption means 
based on the communicated recipient infcamation and the 

55 encryption algorithm information. The encrypted data is 
transmitted from die remote encryption means to the mailer 
facility. The mailer facility does not have access to the 
encryption algorithm information. 

In accordance with another feature of the present inven- 

60 tion the encryption algorithm noted above may or may not 
be known; however, secret encryption key information is 
incorporated in the remote encryption means and the mailer 
facility does not have access to this secret encryption key 
information. 

65 In accordance with another feature of the present 
invention, a digital token may be generated based on both 
recipient address information and corrected recipient 



5,6\ 

3 

address information. The digital token is imprinted on the 
mailpiece such that a relationship exists between the 
selected one of the recipient address information and the 
corrected recipient address information and the printed 
digital token. 

In accordance with another feature of the present 
invention, both digital tokens may be printed on the mail- 
piece along with the selected one of the recipient address 
information and the corrected recipient address information. 

In accordance with another feature of the present 
invention, recipient address information may be communi- 
cated from a first location at a mailers facility over a local 
area network to means for encrypting at a second location at 
the mailer facility. The encrypting means is protected by a 
tamper resistant housing and coupled to the local area 
network. The encrypting means contains encryption algo- 
rithm information. The encryption means generates 
encrypted data based on the communicated recipient infor- 
mation and the encryption algorithm information. The 
encrypted data is transmitted from the encryption means 
over the local area network to the mailer facility first 
location. If desired the encrj?pted data may be placed on the 
mailpiece at the mailer facility. 

In still another feature of the present invention, the 
encryption algorithm information may or may not be a 
publicly known encryption algorithm; however, the means 
for encryption contains secret encryption key information. 

BRIEF SUMMARY OF THE DRAWINGS 

Reference is now made to the following FIGURES 
wherein like reference numerals designate isinaiLar elements 
in the various views, and in which: 

FIG. 1 is a block diagram of a postage evidencing system 
architecture embodying the jnresent invention; 

FIG. 2 is a block diagram of a communications arrange- 
ment involving a data center, a central post office and 
regional data centers and post offices suitable for use with 
the architecture disclosed in FIG. 1; 

FIG. 3 is a diagrammatic representation of the mailer unit 
postage evidencing system; 

FIG. 4 is a diagrammatic representation of a data center 
adapted to interact witfi the mailer unit shown in FIG. 3; 

FIG. 5 is a diagrammatic representation of a carrier 
verification system adapted to verify postage payment evi- 
denced in accordance with the present invention; 

FIG. 6 is flow chart of the operation of the mailer unit 
shown in FIG. 3; 

FIG. 7 is flow chart of the operation of the data center 
shown in FIG. 4; 

FIG. 8 is a flow chart of the verification process for the 
verification authority system shown in FIG. 5; 

FIG. 9 is an architecture of an alternate embodiment of the 
metCTing system shown in FIG. I suitable for use in a 
network environment; 

FIG. 10 is a diagrammatic representation of a mailer unit 
coupled to a network system along with other necessary 
conqjonents for metering postage; 

FIG. 11 is a diagrammatic representation of a data center 
suitable for operation with the mailer unit and network 
arrangement shown in FIG. 10; 

FIG. 12 is a diagraimnatic representation of a post office 
for verification of mailpieces suitable for use witii the 
network arrangement shown in FIGS. 10 and 11; 

FIG. 13 is a flow chart of the mailer and network 
arrangement shown in FIG. 10; 
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FIG. 14 is a flow chart of the network postage evidencing 
device system for the network server shown as part of FIG. 
10. 

5 DKTAILED DESCRIFnON OF THE 

PREFERRED EMBODIMENT 

Reference is now made to FIG. 1. A mailer unit shown 
generally at 112 is utilized to generate mailpieces including 
suitable postage revenue blocks including necessary infor- 
mation to mail the letters to various addresses. The mailer 
unit 112 includes data necessary to process mail including 
mailing list information, rating information, mailer authen- 
tication code information and account data information 
which is stored in a storage device 115. The mailer unit 
functions to create a mailing list, determine rating param- 
eters which are used to establish the postal value to be 
iir^)rinted on a mailpiece and encrypt and send to a data 
center the necessary information via electronic data inter- 
change over communication link 118. The mailer unit also 
receives the processed information necessary to prepare 
mailpieces and produces the mailpiece for dispatch into the 
mail stream. 

The mailing list includes recipient address information. 

2j This recipient address information may include both correct 
and incorrect information. The nature of the incorrect infor- 
mation may be incomplete or inaccurate addressee data. For 
example, as noted below address hygiene may be employed. 
In such case, a determination that the address on the mailing 
list does not correspond to an address in the hygiene data 
base, the recipient addressee information would be deemed 
incorrect. These databases include a oonqrilation of all 
address for a given region, area or even an entire countiy. 
The United States Postal Service National Address Database 
is one example of this type of database. It should be 
recognized that in many instances incorrect address infor- 
mation does not render a mailpiece undeUverable as 
addressed. For example, a street name may be misspelled or 
a zip code may be omitted or a "vanity" name or abbrevia- 

^ tion may be used for a city. 

Communication is encrypted to prevent eavesdropping on 
the conamunication link. A shared piece of secret data such 
as the mailer authentication code may be communicated in 
encrypted form to verify the authenticity of the mailer and 

45 likewise to verify the authenticity of the data center shown 
generally at 116. It should be expressly recognized that 
many variations of the communications system and data 
flow can be established. For example, the carrier may 
establish a private Electronic Data Interchange standard or 

50 may work through the ANSI X.12 or EDIFACT standards 
committees. Moreover, various communications means 
could be employed including dial up modems, packet 
switched networks or interactive television networks. 
It should also be recognized that the communications 

55 system may employ paper based transactions. For example, 
the mailer may provide a printed mail list to the data center 
for processing and the data center may provide printed labels 
containing valid Postal Revenue blocks. The data center 116 
stores mailer account data, vendor secret keys for generating 
digital tokens and also a postal data base, which is a data 
base of vaUd addresses utilized in address hygiene activity. 
A change of address data base may also be included to 
correct address changes which may not be known to the 
loailer unit 112 as well as a data repository. 

65 The data repositOTy is provided at the data center to store 
statistical data concerning the mailer, such as total postage 
utilized, piece count of mail items, groupings of letters sent 
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to various zip codes, classes of mail service utilized and 
other useful data. This information is stored in a memory 
stor^e device 110 located at the data center. The data center 
provides the functionality of cleansing the mail list (address 
hygiene) and generating a postal revenue block (E^tB) file. 
The PRB represents the information to be printed as the 
postal revenue block on each mailpiece by flie mailer unit 
112. It updates the data repositoiy stored in the stnrage 
device 110 a!s additional data is received from the mailer unit 
112 and transmitted back to Hic mailer unit The data center 
116 further functions to coUect funds and pay post^e and to 
maintain the updated data repositra^ for later utilization. 

The data center 116 is in communication via electronic 
data interchange (EDI) communication link 113. Similar to 
communication, over tiie EDI linV 118 between the mailer 
unit 112 and the data center 116, secrecy and authenticity 
techniques may be inoplemented. In the case of the mailer 
unit U2 and the data center 116 the shared secret data may 
be a mailer authentication code which is stared in the data 
center as part of the mailer account data. The shared infor- 
mation between the data center 116 and the postal office data 
center 114 may be a vendor authentication code which 
would be stored as part of the data repository at the data 
center and also as part of the data repository at the post oflSce 
114. 

At the post ofSce 114, a postal data base is miiintained as 
is address and a change of address data base. Additionally, 
a data repository and postal secret keys are stored. This 
information is stored in a storage device 120. The post ofEce 
114 functions to scan and verify the postage revenue block 
122 of mailpiece 124 whidi is physically transmitted from 
the mailer unit to the post office or to another verifying 
facility whidi, for example, may be a contracted faciUty. 
Alternatively, postal revenue blocks may be inspected in the 
field by postal or other inspectors employing suitable equip- 
ment. The post ofSce 114 also miaintains and updates the data 
base of addresses and maintains and updates the data reposi- 
tory. The detailed operation of each of these facilities, the 
mailer unit 112 the data center 116 and the post ofEce 114 is 
described in detail in connection with both the diagrammatic 
representation of each of these facilities and their accom- 
panying flow diarts. 

The postal revenue block 124 as well as the tmpdnted 
recipient addres s information 123 may be printed in madiine 
readable form. This may be as shown at 123A as part of the 
imprinted recipient address information block on the mail- 
piece 122 or at any selected separate location on the mail- 
piece (which may be as part of the postal revenue block 124 
or elsewhere as shown 123B). The particular and machine 
readable imprint of the postal revenue block 124 and/or 
recipient address information 123 is shown as imprinted in 
bar, half bar code. Other machine readable alpha numeric 
fonts are suitable for imprinting on the mailpiece 122. 

Reference is now made to FIG. 2. The main data center of 
the vendor 202 is connected via a communication link 204 
to the central post ofEice 206. The main vendor data center 
202 is also connected through communication Unks 208 to 
various regional data centers shown generally at 210. The 
regional data centers 210 are connected in turn to various 
mailers shown at 212, 214 and 216. The central post ofiHce 
206, similar to the main data center of the vendor 202, is 
connected via communication links to regional post ofQces 
shown generally at 220. It should be noted that the re^onal 
data center 220 zoiay be in communication via a data link ^22 
to the r^onal post oMces 210 and the various mailers 212, 
214 and 216. Physically transmission of mailpieces to the 
regional post offices 220 as is shown by the dashed lines 224, 



226 and 228. The maUers 212, 214 and 216 are in commu- 
nication with the regional data centers via communication 
links 213, 215 and 217. 

It should be expressly recognized that many variations of 
5 the communications system and data flows can be estab- 
lished. For example, the mailers 212, 214 and 216 can send 
their mailpieces directly to the central post office 206. 
Moreover, tiie maUCTS can be in direct communication with 
the main data center 202. Other combinations and variations 

10 are possible depending on the needs of the particular postal 
environment involved. 

Reference is now made to FIG. 3. The mailer unit shown 
generally at 302 includes a printer 304 and optionally a scale 
306. The printer 304 is connected through a print commu- 
nication port 308 to the printing control system 310. Pri^nting 
control system is adapted to control the operation of the 
printer 304. The optional scale 306 is connected to a scale 
port 312 of the rating parameter system 314. This system 
314 provides the ability to rate the mailpieces based on 
actual rate and/or other rating parameters measurable by the 
scale 306 and or associated apparatus. 

Alternatively, for a mailing to be implemented, the rating 
parameter system 314 can, based on various information in 

25 the mailer unit computer storage 316, determine the rating 
parameters to be utilized through a rating process 319. This 
is based on information stored on the rating parameter 
system 314. The mailing unit storage device 316 is in 
communications with a data communications system 318 to 
enable communications with a remote data center to be 
hereinafter described. A data communications system 318 
includes a communication port 320 to facilitate the commu- 
nications. A user interface 322 can be by means of I/O a 
communication input/output (I/O) port 324, or by a key- 
board and display, by other I/O type devices or by means of 
a smart card or magnetic card. A secret mailer authentication 
code is stored in a secure tanker resistant device 326. The 
authorization code can alternatively be secret information 
known to the mailer and hand keyed into the system using 

^ the user interface 322. The authorization code is then passed 
to the data communications system 318 to initiate a mail run 
in accordance with the flow chart described hereinafter. 

The mailer authentication code is not part of the security 
of the mailing process but is part of the shared information 

45 communicated over the EDI channel 118 of FIG. 1 between 
the mailer 112 and the data center 116. The mailer authen- 
tication code provides for mutual security and authentication 
for the mailer and the data center. It is not related to security 
of the postal funds or to the information imprinted on each 

50 miailpiece. Mailer account data received from the data center 
and stored in the storage device 316 can be sent to the 
printing control system for generation of incoming reports. 

The printer 304 and the printing subsystem 310 as well as 
Other areas of the mailer unit 310 and other portions of the 

55 system outside of the mailer unit may be monitored to ensure, 
proper operation. Specifically, as an example, if the printer 
304 should not properly print digital tokens (the postal 
revenue block 124 on mailpiece 122 this information is 
detected and stored in the mailer unit for communication to 

60 the data center to enable credit to be provided to the mailers 
account, and/or to initiate an inspection if warranted based 
on the number of digital tokens that are not properly printed. 
The failure to print flie digital token by printer 304 may be 
due to a f aihiTe of ttie printer, and a failure in the commu- 

65 nications channel, or a specific determination on the part of 
the mailer not to prepare the particular mailpiece. In any 
event, once the digital token, as wiU be recognized hereafter. 



has been issued by the data center to the mailer, the mailers 
account may be charged for such digital token and audit of 
recej^t and use of the digital token is required for the mailer 
to ensure that no charge is incurred for a distal token not 
utilized, unless such arrangement is part of the system and 5 
understanding between the mailer and the carrier involved. 

Reference is now made to FIG. 4. The mailer unit 
communicates to the data center shown generally at 402 via 
a data center communications port 404 which is part of the 
data communications system 40d. The data communications 1° 
system 406 further includes a data communications port 408 
adapted to interface to the Post Office. 

The data communications system 406 is connected to a 
data storage device 410 which includes various information 
in addition to information received from the mailer. Included ^ ^ 
in the storage device 410 are: postal address database; a 
national change of address database; a data r^ository which 
would include information transmitted by the mailer; and, 
mailer account information which also would include infor- 
mation transmitted by the mailer. The data repository and 
mailer accoimt information may include accumulated data 
and other data stored by the data center relevant to various 
transactions associated with the mailer. 

A secure tamper resistant memory 412 is provided at the 25 
data center. The data center secure memory 412 may be a 
part of the memory 410 or a separate independent memory 
system. The memory 412 stores various information which 
need to be maintained secure, including the vendor authen- 
tication code, the mailers authentication codes, the vendor 
secret key information, if desired, and the digital token 
transformation algorithm. The data from the memory 412, 
appropdate data from memory 410, data received from the 
mailer via data communications system 406, along with data 
from the postal rating system 418, are processed in a digital 35 
token transformation device 414 to produce the vendor 
digital token. For maximum security the Post OfEce digital 
token is produced by a digital token transformation per- 
formed securely within the Post Office security device 420. 
The digital tokens authenticate a mallpiece and the postage ^ 
value imprinted on said mailpiece. The data used to produce 
the vendor digital token is also used to produce the Post 
Office digital token. Said data is transmitted to the Post 
Office security device 420 via the Postal security interface 
416. The Post Office security device produces the Post Office ^ ^ 
digital tokens via a digital token transformation and returns 
them to the data center via the postal security interface. The 
Post Office security device may be located in the data center 
and it contains the Post OfEce secret keys that are assigned 
by the Post Office to the data center for production of digital 
tokens. Alternatively, the Post Office secret keys may be 
stored in the data center secure steerage device 412 and the 
Post Office digital token transformation may be performed 
in the digital token transformation device 414. In this case 
the security of the system is reduced, because the vendor and ^ ^ 
Post OfBce secret infoimation is not kept separate. 

The payment for postage is transferred from the mailers 
account to the postal service at the data center electronic 
funds system 422. 

The Post Office security device 420 has the post office 60 
secret key information which is used by the digital token 
transformation process 414 to generate post office digital 
tokens. These post office digital tokens are also transmitted 
(along with the vendor digital tokens) to the mailer via 
communication port 404. The operation of the data center 65 
components are described in greater detail in connection 
with the associated flow chart. 
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Reference is now made to FIG. 5. A Post OfBce shown 
generally at 502 receives physical delivery of various mail- 
pieces 122, each including both digital tokens printed in the 
postal revenue block 124. The information from the mail- 
piece 122 is obtained at device 504 by OCR recognition, 
voice input or manual key entry by a Post Office employee 
or by other suitable manner such as video Hft image tech- 
nology. 

The information from the device 504 is communicated 
through a communication port 506 which is part of the data 
communications system 510. The information capturing 
device 504 is utilized in conjunction with information stored 
in a post office data storage device 512 to verify the postal 
revenue block 124 by utilization of the Digital Token 
Transformation process 514. The postal secret key informa- 
tion and other relevant secret postal information may be 
stored in a secure tamper resistant storage device 516. The 
vendor authentication codes are also stored in the secure 
storage device 516. 

The storage device 512 includes: postal address database; 
national change of address database; postal rate database; 
data repository; and, verification reports. Other suitable 
Information may be stored in this memory. An electronic 
funds system 518 is provided to receive funds from the data 
centCT via the data communication system 510 as part of an 
electronic frinds transfer system. It should be noted that 
various .suitable funds transfer system may be employed as 
part of the present invention. 

The data center 402 may communicate to the Post Office 
502 both data repository information and verification report 
information to allow the Post Office 502 to be periodically 
updated as to this information. Similarly, the post office 562 
may periodically update the data center, 402. 

It should be expressly noted that the system described is 
a system where secure postal key and secure vendor key and 
secure postal algorithm and secure vendor algorithm infor- 
mation may all be employed, and not stored at the mailer 
unit site 302. This provides greatly enhanced security 
because access to information which could allow the fraudu- 
lent generation of digital tokens is completely. While the 
mailers may be hundreds and thousands in number, the 
number of vea.d<xs and the nimiber of post office data centers 
requiring this information is limited in numb^ allowing a 
much higher security and control to exist for this critical 
data. 

Reference is now made to FIG. 6 which is the flow chart 
of the operation of the mailer unit shown in FIG. 3. And, 
more particularly, the process wherein the mailer postage 
request is initiated and the Digital Tokens received and 
utilized in printing the postage revenue block. 

At 602 a determined post^e request is initiated and 
certain particular parameters associated with the process are 
either switched to an active or inactive state. Specifically, at 
602 a determination is made by the user whether address 
hygiene is to be performed. The address information may 
not be susceptible to address hygiene due to either a lack of 
appropriate address information or due to mailer's desire to 
keep due address information in its original uncorrected 
form. If the address hygiene parameter switch is actuated, a 
further parameter switch is available to determine whether 
the system is to use any corrected hygiened address (that is 
a changed address) as opposed to the original address in 
generating the digital token to be imprinted on the mailpiece. 
This parameter switch is utUized so that a user has the option 
of using the uncorrected address for a particular mailpiece 
but still be advised of the fact that the address hygiened data 
base caxrifis with it a different hygiened address. 
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This is a very essential feature for a mailer to be able to 
determine which address is utilized in generating the digital 
token. Assurance must be had that the digital token gener- 
ated with the address information corresponds with the 
address printed on the envelopes. Thus, if the hygiened 
address is to be printed on the envelope the corrected address 
would be used in the generation of the digital token. On the 
other hand, if the uncoirected address is utUized then the 
uncocrected address is also utilized in generating the digital 
token. This allows later verification from the mailpiece 
itself. Moreover, from time to time address hygiened data 
bases themselves have incorrect information such that the 
hygiened address could change a correct address to an 
incorrect address. Thus, this option is needed at least for this 
purpose. Address hygiene may involve multiple communi- 
cations between the mailer and the address hygiene data 
base. If the data base is located remotely and communication 
costs are involved, it may be desirable to automate the use 
of the particular address (corrected or uncocrected hygiened 
address) determined on the number of times communica- 
tions are necessary to correct the address. Thus, if a cor- 
rected address comes back in a fiist communication pass this 
address may be used while if the first communication pass 
results in a request for further information from the user to 
enable address hygiene to proceed, the uncorrected address 
will be utilized in generating Digital Tokens. This allows the 
mailer to generate all of the Digital Tokens for a large 
number of mailpieces which may be processed in a single 
time in one communication pass without the necessity to 
delay processing of the entire group of mailpieces until 
multiple communications with the address hygiened data 
base is conq>leted or alternatively to defer the processing of 
the particular mai^ieces requiting multiple communica- 
tions. 

Alternatively, uncoirected address can be outsorted from 
a mail run so that all unccxiected addressed ma£ can be latex 
processed, possibly as a sei>arate batch with or without 
address correction. 

For those rating systems that provide a discount for 
hygiened addresses, it may be necessary for those unhy- 
giened addresses (where uncorrected addresses or incom- 
plete addresses are utilized) to pay an additional postage 
amount. Thus, the system must provide postage value to be 
imprinted by hygiened and unhygjened address as appropri- 
ate. An example, of an unhygiened address in the United 
States is where certain 'Vanity" names are used as opposed 
to standard names stored in the postal address data base. 

In areas where uncorrected addresses are utilized, it may 
be desirable to utilize an address identifier. This is a delivery 
address identifier to provide a unique addressee number 
associated with a particular mailpiece (this may also be 
utilized in connection with hygiened addresses) which can 
be a numeric or alphanumeric string associated with the 
address. The string is derived algorithmically from the data 
in the delivery address block. It should be such that it is 
dif&cult to produce two different address blocks that have the 
same delivery address identifiear. A Delivery Point Postal 
Code (such as a zip code in the United States which may 
involve up to 11 digits) is an example of a delivery address 
identifier. 

At 604 a determination is made if there is another mail- 
piece for which a postage request is required. If this is true 
(as it would be for the first postage request received) the 
mailer at 606 generates tiie address for the mailpiece (which 
may be hygiened or unhygiened) and the various rating 
parameters as well as the date of entry into the mailstream 
(the date in which tiie mail wiU be deposited with the 
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carrier). Other dates of entry can be used depending upon the 
nature of the system involved such as the date of creation of 
the mailpiece. The rating parameters can vary depending 
upon the particular rating system associated with the carrier 

5 involved. The rating systems vary from carrier to carrier, as 
for example the United States Postal Service, United Parcel 
Service, Federal Express, United Kingdom Royal MaQ, eta 
These services have various rating parameters utilized to 
determine the appropriate price for a delivery of a particular 
mailpiece (which for the purpose of the present invention 
and disclosure is intended to include parcels). At 606 the 
processing of a particular mailpiece is activated by gener- 
ating various information elements that may include the 
address, rating parameters, date of entry. This roay be 

j2 appended to a postal request file which is being generated as 
various mailpieces loop through decision block 604 and are 
processed at 606. Where no furthCT mailpieces are to be 
processed as determined at 604, communications is estab- 
lished with a remote data center at 608. 

20 A procedure is initiated and coinjpleted at 610 to authen- 
ticate the data center in a known manner such that the mail^ 
is assured that communication has been established with an 
authorized data center to issue the digital tokens to be 
printed on the mailpieces. Once this has been established, 

25 the postal request file may be encrypted at 612 and the 
encrypted postal data file transmitted at 614 to the data 
center. The data center at 616 performs its process on the 
transmitted encrypted postal request file as shown in detail 
in FIG. 7. This process at the data center which is shown in 

3Q abbreviated form at block 616 and involves: generating (if a 
hygiened request has been made) a bad address file; a 
corrected address file; a postal revenue block file (with a 
postal revenue block associated with each of the plurality of 
mailpieces involved in the transmitted encrypted postal 

35 request file); and, an accounting record of the transaction 
which debits funds associated with the mailer's account for 
the digital tokens to be transmitted to the mailer. At 616 the 
data center encrypts (some or aU) of the above noted files, 
namely, the bad address file, corrected address file, postage 

4Q revenue block file and accounting record, and sends these 
files or portions thereof to the mailer. 

At 618 the mailer receives the encrypted flies transmitted 
by the data center and decrypts these files or portions thereof 
depending upon the particular system implemented and the 

45 nature of the data transmitted. For each address for a given 
postal request file that has been transmitted, processed and 
received back, if for such item there is an exact match as to 
the address at 620, a determination is made at 622 whether 
this address is in the postal revenue block file. In such case, 

50 the data is formatted at 624 and an envelope is printed at 626 
with the postal revenue block Other appropriate data may 
also be printed at 626 such as the address, barcode, return 
address and advertising slogan, unique identifiers associated 
with advertising material or surveys, service codes and tiie 

55 like. 

If on the other hand the address is not in the postal revenue 
block file, few whatever reason, which would most Ukely be 
an error condition, the mailpiece is not generated at 628. The 
process loops back to decision block 620 and continues as to 

60 the next mailpiece. 

The error condition noted above at 628 is only one 
exan^le of many error conditions that can exist throughout 
the system which would require corrective action. Another 
example is the postage revenue block file being out of 

65 synchronism with the postal request file. This could have 
occurred because of a processing error or a communication 
error or a conq)onent failure. Other errors can occur through- 
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out the system which will require similar type corrective process and loops back to decision block 766 to process the 

action as noted in block 628, or if needed or desired, to next record. The process continues again at block 708 and if, 

coinpletely halt the process, to resynchronize the relation- for exanaple, the next record is a record whore address 

ship of the various data files, and/or to reinitiate the process hygiene has not been requested the flag indicates that fact 

firom the beguming. Because of the fact that funds may be 5 would be appended to the record in the postal revenue block 

accounted for where printing has not taken place, it is The entire record may be appended to the record in the 

important that this information be communicated back to the P«stal revenue block file using the address as provided by 

data center 402 to allow either an electronic or physical audit mailer at block 714. 

to be conducted to determine the nature and extent of the ^ at block 712 an exact match was not found as part of the 

error for which refunded postage may be requested. lo address hygiene process, a determination is made at 716 

t .1. . ^ ^ ^1- ^- , whetiier the address was ccarected as part of the address 

I 'h'' °°t'f P^.fl'' hygie-ie P^o^ss at 710. If tWs is true, the indication of this 

lE^piece from the decrypted postal request file with the f/^is appended to the corrected address file at 718. A further 

address m the maders generated posM request file trans- determMation is made at 720 whether the mailer has 

mittedtothedatacenta: adeta™uonismadeat«30 requested to use the corrected address in generating the 

fte address was conrected. If the address was corrected a 15 ^^^^ ^ ^ ^^^^^^ ^^g^^^ ^^^^^ 

further detaroination is made at 632 wheflier to accept the ^^^ded to the postal revenue block file. If on the other 

corrected address and if so the mailers address data base is , „ i,-^ ^^t^ ; a 'jtn * t-x^^ 

, J * J * J tt. ^ ^ J - • 1-1 , hand, the mailer had detemuned at 720 not to use the 

updated at 634 and the process continues to decision block eoirected address file, the postal request file is appended to 

622 as previously noted. ^^^^ ^^^^^^ block file at 724 to be used in the 

If on the other hand the address was not corrected as generation of the digital tokens, 

detamined at «0, toe correct current address is generated jf ^t 716 if the address was not corrected, the record is 

at 6» If possible. This may be a manual update or loading appended to the bad address file at 726 and no digital token 

in of new address from another source. The inability to ^e generated for this address. Thus, if address hygiene 

correct a bad address will flow through, to block 628 and requested by the mailer and the data center was unable 

result in not gener^ing toe particular mailpiece. At 638 the ^5 ^ correct address hygiene and conduct the particular address 

conrected address from 636 is used to update the mailers involved, no digital token is generated. This fact is noted in 

address data base and the process contmues to decision ^xo bad address file for later action by the mailer and no 

funds are withdrawn for this particular mailpiece. After 

Various software is suitable for use in the above process. decision block 76 determines that there are no further 

One example is the AddressRight software marketed by, unprocessed records in the postal request file, the process 

Ktney Bowes. Another exainple is the software program continues to proceed to generate digital tokens, 

entitled Dazzle marketed by Envelope Manager Software. At 728 a determination is made if there is a record to 

DAZzle Version 2.0, Copyright 1992-1993, Envelope Man- process in the postage revenue block file. If this is true, a 

ager Software, 247 High Street, Palo Alto, Calif. 94301- 35 deUvery point postal code is generated at 730. In the United 

1041. This Microsoft Windows based program deals -with States this deUvery point postal code is the 11 digit code, 

completing envelope layout and printing including address SpedficaUy, it is a unique address identifier. The delivery 

verification and barcode printing including barcode for the point postal code is an identifier which is unique to each 

gateway for airport locations for overseas mail. address and as noted above is an example of a deUvery 

It should also be recognized that the present system 40 address identifier. If the delivery point postal code is suc- 

described above maybe integrated with a plurality of differ- cessfiiUy generated as determined at 732, the rating process 

ent carriers such that in a single communications process is performed at 734. This generates the proper required 

tokens can be received and separately sorted for various amount of postage for the mailpiece involved. An example 

carriers such as the United States Parcel Service, Federal of the type of rating process and procedure which could be 

Express, the United States Postal Service, United Kingdom 45 used is described in the above-identified pending U.S. Patent 

Royal Mail, DHL and Airborne and the like. Moreover, the AppUcation for POSTAL RATING SYSTEM WITH VERI- 

data center providing the d^tal tokens may process the FIABLE INTEGRITY. Other forms of rating processes may 

request to identify the most suitable service to meet the also be suitably employed. If at 732 a delivery point postal 

requirements of the mailer. This may be based on mailing code has not been successfully generated, at 736 a delivery 

cost, delivery time, mail or parcel type or size, destination 50 address identifier is generated and thereafter the rating 

being served, insurance and the Uke. process proceeds at 734. 

Reference is now made to FIG. 7 which is a flow chart of At 738 an assembly is made of the digital token trans- 

the operation of the data center shown in FIG. 4. At 702 a formation input data which may include the postage amount; 

request is received to authenticate a mailer. The authentica- the date of submission; delivery address identifier or deliv- 

tion process ensures that the data center is in communication 55 ery point postal code as the case may be; piece count; mailer 

with a specific known mailer and uses conventional tech- identification data; and, origination identifier (such as origi- 

niques to authenticate the party with whom the data center nation zip code). 

is communicating. The data center then receives and The generation of a digital token can use many different 

decrypts the postal request file at 704 and a determination is forms of input data to create a digital token to ultimately be 

then made at 706 if there is an unprocessed record in the 60 printed on a mailpiece. The particular organization and 

postal request fiOLe. If so, a decision is then made at 708 if the nature of the input data and the transformation involved is a 

address hygiene has been requested by the mailer. If so, matter of the requirements of the mails-, the carrier and the 

address hygiene is performed at 710 and thereafter a deter- level of security desired. At 740 the d^tal token transfor- 

mination is made at 712 if an exact match was found for the mation is performed to generate the vendor digital token and 

particular record in the file being processed. If this occurs, 65 at 742 the postal service digital token transformation is 

the data center at 714 appends the record to the postal performed to generate the postal service or carrier service 

revenue block file that an exact match was found in the digital token. 
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The digital token transformation at 742 is a second digital 
token transformation. This digital token transformation uti- 
lizes the postal service or courier service black box at the 
data center (see block 420 in FIG. 4). Moreover, the trans- 
foxmation process and the algorithms involved can be dif- 5 
ferent in the transformations at 740 and 742. Each is 
separately selected. The vendor selects the particular trans- 
formation at 740 subject to various regulatioiis of the carrier 
service. The carrier selects the transformation of 742 to meet 
its requirements. At the data center, because of the security 
of the postage security device 420 which is not accessible to 
data center personnel or only to limited authorized data 
center personnel, the vendor has the ability to generate the 
postal service or carrier digital token without knowing the 
precise transformation involved. 

An error control code is generated at 744 and appended to 
tfie string of data. This is provided to effectuate high speed 
accurate automatic data capture, and processing where error 
control codes are normally employed to detect and correct 
the corruption of data. The error control code is utilized at 20 
later date when scanning the string of data to ensure the data 
has been scanned properly or keyed in properly. It is used in 
standard fashion to verify the integrity of the process of the 
data entry. The data center at 746 accounts for the postage 
and generates accounting record and charges the postage to 2s 
the mailers account. This may also involve the transfer of 
funds from one account to another account, such as from the 
mailers account to the carriers account^ or through interme- 
diary accounts such as a trustee account to the carrier 
account. At 748 the postal revenue block file is appended to 
it include the following data: the postage date of submission; 
delivery address identifier or delivery point postal code, as 
the case may be; piece count; mailer identifier; cdgination 
zip code; vendor digital token; postal service and/or carrier 
digital token; and, error control code. Again as noted above, 35 
the selection of the particular data and the manner in which 
its processed and organized is subject to meeting the require- 
ments of the particular system involved. A mailing run 
identifier for the particular mail run may also be included. 

The above process continues until it is determined at 728 40 
that there are no more records in the postal revenue block file 
to be processed. At this time, at 750, the postal revenue block 
file, corrected address file, bad address file and accounting 
record are encrypted and at 752 transmitted to the mailer. A 
copy of the message transmitted to the mailer is stored at the 45 
data center for later possible retransmission and/or statistical 
analysis and/or later audit Depending on the requirements 
of the system the storage can be temporary and/or perma- 
nent. 

Reference is now made to FIG. 8 which is a flow chart of 50 
the verification process for the verification authority system 
shown in FIG. 5. Each received mailpiece is scanned at 802 
for address and postal revenue block data. The scanning can 
be done by any suitable means. Examples of suitable scan- 
ning systems include hand held scanners and fixed high 5s 
speed scanners typically employed by postal processing 
equipment. The scanning can be of alphanumeric data or 
barcode or other coded printed data depending upon the 
particular system employed and the requirements of the 
system. The scanning may be pecf onned by a person reading 60 
ttxe data on the envelope and keying it in through a user 
interface at 504. 

The outcome of the scanning at S02 may be an ASCII file, 
of processible data to be Ifaereafter utilized. A determination 
is made at 804 as to whether the error correction code 65 
qjpended as shown in FIG. 7 is correct. If it is correct, a 
detennination is made at 806 of the postal service fccy from 



the vendor identification and the mailer identification num- 
bers. Thereafter, a digital token is generated with the postal 
service key at 808 and a conqjarison is made at 810 between 
the postal service digital token printed on tiie mailpiece with 
the previously generated digital token at 808. The vendor 
token can be processed in similar manner. Depending on the 
system, decryption techniques, rather than reencryption 
techniques may be employed if desired. A determination is 
made at 812 whether the cort4>arison of the postal service 
digital token read from the mailpiece and the one generated 
at 808 compared correctiy. If matched, the process contin- 
ues. It may be desired however at 814 to randomly, or based 
on other criteria, as for example, level of usage of a 
particular mailer, destination, density for mailpieces and the 
like, or profile of the mailer, select mailpieces for vendor 
verification by comparing the vendor digital token with the 
vendor digital token printed on the mailpiece. If it is 
determined at 812 that a match did not occur, the mailpiece 
is outsorted for manual inspection at 816. It should be 
recognized first if at 804 the error correction code did not 
verify as correct, the process may either be stopped or a 
manual inspection may be conducted at 818. The vendor 
digital token may be ^so processed in a similar manner. 

As previously noted, an alternate embodiment of the 
metering system shown and described in connection with 
PIGS. 1 and 3 through 7 is shown in connection with FIGS. 
9 through 14. This embodiment in FIGS. 9 through 14 is 
suitable for use in a network environment. To a large extent, 
similar reference numerals £ire used (other than the first digit 
for FIGS. 1 through 9 and the first two digits for FIGS. 9 
through 14) in FIGS. 9 through 14 to designate similar 
system elements as designated in FIGS. 1 and 3 through 7. 
The similar structure operates in a similar manner and wiU 
not be described again in detail. 

Reference is made to FIG. 9. The division of function 
between the mailer unit 912 and data center 910 is modified 
since the digital tokens are now generated at the mailer 
facility. Thus, the functions of updating the data repositcMy 
and the new function of uploading the data repository 
information are incorporated in the mailer unit 912 as well 
as cleansing the mailing list and generating the postage 
revenue block file. The function in the mailer unit of 
encrypting and sending the postal revenue request file to the 
data center is no longer required and has been eliminated. 
This is because, as will be apparent in FIG. 10, a secure 
postage evidencing device is provided at the mailer facility 
on the mailer network. Encryption, however, if desired can 
still be employed for communications on the maUer network 
as an option to the mailer for security purpose. 

Reference is made to FIG. 10 which is a diagrammatic 
representation of a mailer unit coupled to a network system 
along with the other necessary conqxjnents for metoing 
postage. The mailer unit 1002 is connected through a 
communications port 1028 to a mailer network 1030. The 
mailer network 1030 may be a local area network, it may be 
a wireless or a wired network. It may be a telei^one netwcark 
or other suitable communication system to allow commu- 
nication between the various mailer conq>onents. 

Connected to the mailer network are a postal evidencing 
device shown generally at 1032 and an address hygiene 
server or device shown generally at 1034 these devices 1032 
and 1034 function to provide the necessary functions of the 
data center shown in FIG. 4; however, the secure postage 
evidencing functions are embodied in the postage evidenc- 
ing device 1032 while the address hygiene functions are 
embodied in the device 1034. The address hygiene functions 
of device 1034, may be, if desired, incoipQiated in the 
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postage evidencing device 1032 or in the mailer unit 1002 or to the post office system. Thus, where the electronic funds 

even left at the data center or another remote facility. accounting and transfer occurs at the data center, this infor- 

The postage evidencing device 1032 includes a data mation is communicated to the mailer and to the post office, 

communications system 1036 conaected to a data stcarage When as in FIG. 5, the electronic funds system is at the post 

device 1038 which includes various information in addition s office, the accounting inf oimation is communicated from the 

to information received from the mailer unit 1002 over the post office to the mailer through the data center, 

network 103*. Included in the storage device 1038 are: A secure memory 1112 is also provided at the data center 

vendor and postal secret key information; data repository 1102. The secure memory stores vendor authentication code; 

which would include information transmitted by the mailer vendor secret key information; and postal secret key 

unit 1002; and, mailer account information which may also information, if desired. The secure memory 1112 may be a 

include infoonation transmitted by the mailer and serial portion of the memory 1104 or a separate secure memory in 

number. The data repositcay and mailer account infcamation » tamper resistant housing. 

may include, similar to FIG. 4 accumulated data and other Reference is now made to FIG. 12 which is a diagram- 
data stored by the data center relevant to variou s transactions matic representation of a post office system sititable for work 
associated with the mailer. The memory 1038 is a secure jg with the network arrangement. The post office 1202 includes 
tamper resistant memory and the entire postage evidencing a memory 1212 containing the data repository and verifica- 
device may be secured in a separate secure location within tion reports. Additionally stored, if desired, is of the addi- 
the mailer facility or to a remote mailer facUity on the mailer tional information shown in the memory 512 of FIG. 5. 
network. However, the postal address database and national change of 
A digital token transformation processing device 1040 is 20 ^'^'^^^^ database can be stored if desired, at the address 
provided. The data from the memory 1038 along with hygiened server 1034 or at the data center 1102. The post 
appropriate data from the maUer unit 1002 and the and/or the office system shown in FIG. 12 functions in tiie same 
address hygiened server 1034. are processed in the digital manner as that shown in FIG. 5 to authenticate and verify 
token transformation processing device 1040. The digital payment of postage for various mailpieces delivered by 
tokens are communicated via a communication port 1042 in 25 mailers to the post office. 

the data communication system to the mailer unit 1002 to be Reference is now made to FIG. 13; As can be seen by a 
utilized in the manner previously described. The network comparison of FIG. 13 AND FIG. 6, the flow of the 
secure memory device 1038 contains the vendor secret key operation of the mailer facility is very similar to the mailer 
and the Post Office secret key assigned to the network unit; however, communication is established with the net- 
postage evidencing device 1032 for production of digital 30 work postage evidencing system at 1308 and the postage 
tokens. There is not Post Office security device in the evidencing system functions in much the same way as the 
network system corresponding to data center Post Office data center f\inctions in the non network system shown in 
security device 420 in FIG. 4. In the case of the data center FIGS. 1 through 8. 

system, the data center contains sufEcient information for a Reference is now made to FIG. 14. As can be seen by a 

forger to imitate all mailers using the data center, and thus 35 similar coii^>arison of FIG. 13 and FIG. 7, the postage 

it is important for the Post Office to maintain security evidencing system on the network processes requests in a 

independent of the vendor to assiure the integrity of the similar manner as the data center shown in FIG. 7 processes 

system. In the case of the network system the postage requests. The functionality, however, is divided between 

evidencing device contains only sufficient information to address hygiene server 1034 and the postage evidencing 

imitate itself, and so there is no advantage significant to 40 device 1032. 

maintaining the vendor secret key and the Post Office secret Jt should be noted that the above described system pro- 
key in separate secure devices. vides numerous benefits to the mailer, the data center and the 

The address hygiene server 1034 includes a memory 1048 post ofBce. The benefits include: 

having the postal address database stored therein. The stor- For the mailer: 

age device 1048 is connected through the communication 45 1) Accurate funds tracking for midtiple accounts, 

port 1052 of the data communications system 1050 to the 2) Automatic access to centralized address information, 

network 1030. The address information is received via the including £requentiy updated change of address informa- 

network and the communication port 1052 which is there- tion. 

after flowed into the memory 1048 for processing in the 3)Amajority of communication between maUer, data center 

address hygiene process device 1054. Hygiened address 50 and a carrier can be made totally transparent to commu- 

information is communicated via the communication port nicating parties by employing electronic data interchange 

1052 and the network 1030 to the postage evidencing device methods. 

1038 and to mailer unit 1002. 4) Confidentiality and authenticity of aU sensitive informa- 

Reference is now made to KG. 11 which is the diagram- tion can be protected, 

matic representation of the data center suitable for operation 55 5) A low cost effective mailpiece preparation solution for 

with the mailer unit and the network arrangement shown in mailer is provided. 

FIG. 10. Data center shown generally at 1102 includes a 6) Convenient access to posti^e payment is provided, 

memory 1104 containing the national change of address 7) The data center may provide for additional information or 

database and the data repository. The memory 1104 is control ofjob run and other scheduling for optimization of 

connected to the mailer unit 1002 via a data communication 60 delivery time and mailing costs' based on postal network 

system 1006 having a communication port of 1108. The information. 

memory 1104 includes the information which is uploaded to 8) The data center can provide various dififerent and/or 

the mailer facility 912. The data center may include an similar services through alternative carriers fcr special 

electronic funds system 1110 which functions similarly to services and packages. 

the electronic funds transfer system 518 shown in FIG. 5. 65 9) The data center can provide customized mailin g lists both 
This is to denote that the electronic funds transfer system nationally and internationally based on market demo- 
may be part of the data center as opposed to or in addition graphics. 
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10) Data Center can provide distributed hybrid mail the data 
center may also be a mail center which can generate the 
physical mail for the mailer, close to physical dehveiy 



11) The systems conform to and are conqjatible with com- 
puter networked based business operations. 

12) A single device solution is provided for a mailer's 
facility using local area network arrangements such as, for 
example campus, metropolitan area, geographic area or 



company using ccaporate or other network arrangements. 10 maHexs site. 



network postage evidencing device for mail generation 
stations. The cost of network attachment would be shared 
with all other network based activities. Network devices, in 
certain situations, may better lit high volume mailers with 
large token processing requirements. An additional factor 
that may involve the selection and design of the particular 
system, is the bandwith of the system itself or the commu- 
nication requirements which may include issues such as, 
performance requirements and centralized distdbation at the 



For the Data Center: 

1) Secret encryption key management is much more eflfec- 
tive. 

2) Access is provided to customers mailings for marketing 
and usage information. 

3) Ability is provided to to monitor maiUng frequency and 
geographic distribution. 

4) The data center can provide evidence of authenticity of 
payment or data for other applications. 

5) A single point of contact 
services to mailer. 

6) data repositories. 
For the Post Office (or other carrier): 

1) High quality addresses give mail is generated which is 
suitable for automiated processing from small and inter- 25 
mediate size mailers. The cost of mail distribution is 
therefor reduced. 

2) The quality of information for verification is much higher. 

3) The postal service burden for implementation may be 
minimal and is facilitated. The format of all communica- 30 
tions between vendor and post ofiEce are predefined by the 
interface. 

4) Access to summary information of system use provides a 
guide for sampling and verification. 

5) A way is enabled to provide special discounts and 35 
customized rates for mailers. 

6) A natural and significantly simplified way is enabled to 
provide special services such as certified, registered, 
international and overnight mall for nudlers. 



It should be recognized that all of the above factors are 
simply considerations which may cause an individual mailer 
to select one particular approach over another. However, 
either approach would be satisfactory to solve any mailer 
15 requirements and may be dictated by external factors such as 
requirements of the carrier service involved and the avail- 
ability of hardware, communications, and software. 

While the present invention has been described with 
reference to the specific embodiments, it is apparent that 
provided fci distribution 20 many variations and modifications may be made to these 
various embodiments. It is thus intended in &e following 
claims to cover eadhi variation and modification that falls 
within the true spirit and scope witfiin the present invention. 
What is claimed is: 

1. A method for preparing mail pieces comprising the 
steps of: 

communicating from a mailer facility recipient address 
information to means for encrypting, said encrypting 
means located remote from said mailer facility and 
containing encryption algorithm information; 
generating encrypted data by said remote encryption 
means based on said communicated recipient informa- 
tion and said encryption algorithm informatioD; 
transmitting said encrypted data from said ronote enoyp- 

tion means to said mailer facility; and 
said mailer facility not having access to said encryption 
algorithm information. 

2. A method as defined in claim 1 wherein the encrypted 



6) Provides a planning tool for new services and facilities for 40 algorithm information includes a secret key. 



small and medium size mailers. 

It should be recognized that some of the benefits are more 
particularly found in the network embodiments disclosed 
above as opposed to the non-network embodiments. 
Specifically, the network postage evidencing device systems 45 
described may, in certain instances be better suited to 
particular mailing applications as opposed to the non- 
network systems. For example, the non-local area network 
system may be better suited to fit batch mailers will regular 
planned mailings who wish to directly interact with a central 50 
data center and/or post oflSce and/or carrier, rather than 
conduct internal accounting. On the other hand, the network 
avoids the need to provide modems and telephone lines for 
each mail generation station or for multiple mail generation 
stations. Mcareover, access to an electric data interdiange 55 
may be expensive. 

Telephone Une charges may have a fixed cost fliat would 
be shared over the total number of tokens processed for a 



3. A method fOT preparing mail pieces comprising the 
steps of: 

communicating from a mailer facility recipient address 
information to means for encrypting, said encrypting 
means located remote from said mailer facility and 
containing secret encryption k^ information; 

generating enoypted data by said remote encryption 
means based on said communicated recipient informa- 
tion and said secret encryption key information; 

transmitting said encrypted data from said remote enayp- 
tion means to said mailer facility; and 

said mailer facility not having access to said secret 
encryption key information. 

4. A method as defined in claim 3 wherein said secret key 
is associated with said mailer. 

5. A method as defined in daim 3 wherein said secret key 
is associated with said mailer facility, 

6. A meOiod as defined in claim 3 further comprising 



small number of d^ital tokens, this may be expensive. The 

network systems and method on the other hand, may best fit 60 placing said encrypted data on said mail piece at said mailer 
businesses with less periodic smaller maiUngs cr several facility, 
mail generation stations. Other consideration include that 
conqjuter networks can provide a direct high-speed link to a 



